我有这段代码,如果用户点击它,链接将被文本替换,使其无法再次点击。现在的问题是,如果用户直接在URL中访问它,那么它将模拟链接点击。那么如何阻止用户直接访问网址呢?
<?php
$isAdded = ActiveSubject::find()->where(['clientid' => $_user,'subjectid' => $subjects['subjectid'],])->exists();
if($isAdded):
?>
<b><p class="text-muted">ADDED</p></b>
<?php else: ?>
<p>
<?= Html::a('<b>ADD</b>',['site/addsubject', 'subjectid'=>$subjects['subjectid'], 'clientid' => $_user],['class' => 'btn-info btn-transparent btn-large']) ?>
</p>
<?php endif; ?>
</td>
<td>
<?= $subjects['slots'] ?>
</td>
<td>
<?php if($isAdded): ?>
<p class="text-primary">Awaiting Confirmation</p>
<?php endif; ?>
答案 0 :(得分:0)
将其设为POST链接,以便点击该链接并且无法直接从浏览器运行
即
将'data-method' => 'post'添加到HTML::a
<?= Html::a('<b>ADD</b>',['site/addsubject', 'subjectid'=>$subjects['subjectid'], 'clientid' => $_user],['class' => 'btn-info btn-transparent btn-large', 'data-method' => 'post']) ?>
在访问规则中,您可以添加规则以仅接受POST请求
即
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'addsubject' => ['post'],
],
],
希望这会有所帮助。感谢。
编辑:
以下是SiteController
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'allow' => True,
'actions' => [],
'roles' => []
],
[
'actions' => ['login', 'error', 'captcha'],
'allow' => true,
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['post'],
'addsubject' => ['post'],
],
],
];
}
答案 1 :(得分:0)
在控制器中
public function behaviors()
{
return [
'access' => [
'class' => AccessControl::className(),
'rules' => [
[
'actions' => ['addsubject'],
'allow' => true,
'roles' => ['addsubject', 'yourmodelname'],
],
[
'allow' => true,
'roles' => ['superAdmin', 'admin', 'managerModule1', 'managerApp'],
],
],
],
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'addsubject' => ['post'],
],
],
];
}
结帐这两个答案
how to deny the access of url in yii even if we know the url?
您可以在其中了解过滤器的使用。